Integer Overflow Vulnerability in CosmWasm Standard Crate by Rust
CVE-2024-58263

3.7LOW

Key Information:

Vendor: Cosmwasm
Status: Cosmwasm-std
Vendor: CVE Published:; 27 July 2025

What is CVE-2024-58263?

The cosmwasm-std crate for Rust prior to version 2.0.2 contains a vulnerability that allows for integer overflows, leading to inaccurate contract calculations. This can result in unexpected behavior during contract execution, potentially compromising the integrity of transactions and smart contracts built on this framework. It is crucial for developers utilizing this crate to upgrade to version 2.0.2 or later to mitigate this risk.

Affected Version(s)

cosmwasm-std 1.3.0 < 1.4.4

cosmwasm-std 1.5.0 < 1.5.4

cosmwasm-std 2.0.0 < 2.0.2

References

https://rustsec.org/advisories/RUSTSEC-2024-0338.html

https://github.com/CosmWasm/advisories/blob/main/CWAs/CWA...

https://crates.io/crates/cosmwasm-std

CVSS V3.1

Score:

3.7

Severity:

LOW

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 27, 2025
Vulnerability Reserved
Jul 27, 2025

Cosmwasm

What is CVE-2024-58263?

Affected Version(s)

References

CVSS V3.1

Timeline